A Run-Time Framework for Ensuring Zero-Trust State of Client’s Machines in Cloud Environment

IF 5.3 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Transactions on Cloud Computing Pub Date : 2024-11-20 DOI:10.1109/TCC.2024.3503358

Devki Nandan Jha;Graham Lenton;James Asker;David Blundell;Martin Higgins;David C. H. Wallom

{"title":"A Run-Time Framework for Ensuring Zero-Trust State of Client’s Machines in Cloud Environment","authors":"Devki Nandan Jha;Graham Lenton;James Asker;David Blundell;Martin Higgins;David C. H. Wallom","doi":"10.1109/TCC.2024.3503358","DOIUrl":null,"url":null,"abstract":"With the unprecedented demand for cloud computing, ensuring trust in the underlying environment is challenging. Applications executing in the cloud are prone to attacks of different types including malware, network and data manipulation. These attacks may remain undetected for a significant length of time thus causing a lack of trust. Untrusted cloud services can also lead to business losses in many cases and therefore need urgent attention. In this paper, we present <italic>Trusted Public Cloud (<sc>TPC), a generic framework ensuring the <italic>Zero-trust security of client machine. It tracks the system state, alerting the user of unexpected changes in the machine’s state, thus increasing the run-time detection of security vulnerabilities. We validated <sc>TPC on Microsoft Azure with Local, Software Trusted Platform Module (SWTPM) and Software Guard Extension (SGX)-enabled SWTPM security providers. We also evaluated the scalability of <sc>TPC on Amazon Web Services (AWS) with a varying number of client machines executing in a concurrent environment. The execution results show the effectiveness of <sc>TPC as it takes a maximum of 35.6 seconds to recognise the system state when there are 128 client machines attached.","PeriodicalId":13202,"journal":{"name":"IEEE Transactions on Cloud Computing","volume":"13 1","pages":"61-74"},"PeriodicalIF":5.3000,"publicationDate":"2024-11-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Cloud Computing","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10758678/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

With the unprecedented demand for cloud computing, ensuring trust in the underlying environment is challenging. Applications executing in the cloud are prone to attacks of different types including malware, network and data manipulation. These attacks may remain undetected for a significant length of time thus causing a lack of trust. Untrusted cloud services can also lead to business losses in many cases and therefore need urgent attention. In this paper, we present Trusted Public Cloud (TPC), a generic framework ensuring the Zero-trust security of client machine. It tracks the system state, alerting the user of unexpected changes in the machine’s state, thus increasing the run-time detection of security vulnerabilities. We validated TPC on Microsoft Azure with Local, Software Trusted Platform Module (SWTPM) and Software Guard Extension (SGX)-enabled SWTPM security providers. We also evaluated the scalability of TPC on Amazon Web Services (AWS) with a varying number of client machines executing in a concurrent environment. The execution results show the effectiveness of TPC as it takes a maximum of 35.6 seconds to recognise the system state when there are 128 client machines attached.

查看原文本刊更多论文

确保云环境中客户机零信任状态的运行时框架

随着对云计算的空前需求，确保对底层环境的信任是一项挑战。在云中执行的应用程序容易受到不同类型的攻击，包括恶意软件、网络和数据操纵。这些攻击可能在很长一段时间内未被发现，从而导致缺乏信任。在许多情况下，不可信的云服务也可能导致业务损失，因此需要紧急关注。本文提出了一种保证客户端机器零信任安全的通用框架可信公共云（TPC）。它跟踪系统状态，提醒用户机器状态的意外变化，从而增加对安全漏洞的运行时检测。我们在Microsoft Azure上使用本地、软件可信平台模块（SWTPM）和软件保护扩展（SGX）支持的SWTPM安全提供商验证了TPC。我们还通过在并发环境中执行不同数量的客户机，评估了TPC在Amazon Web Services （AWS）上的可伸缩性。执行结果显示了TPC的有效性，因为当连接了128台客户机时，它最多需要35.6秒来识别系统状态。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Cloud Computing Computer Science-Software

CiteScore

9.40

自引率

6.20%

发文量

167

期刊介绍： The IEEE Transactions on Cloud Computing (TCC) is dedicated to the multidisciplinary field of cloud computing. It is committed to the publication of articles that present innovative research ideas, application results, and case studies in cloud computing, focusing on key technical issues related to theory, algorithms, systems, applications, and performance.